Is it possible to secure an assembly called by a web app?
From: Bosco (Bosco_at_discussions.microsoft.com)
Date: 09/22/04
- Next message: [MSFT]: "RE: Web Service and SSL"
- Previous message: richlm: "Re: Hierarchy in user management"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Sep 2004 15:49:01 -0700
I am writing an assembly in the 1.1 framework that will be called by an
ASP.NET application and I have a few questions about security.
First off the assembly to be called by the web app is 'privileged code' as
it makes numerous calls to both DirectoryServices and possibly in the future
ADO.
I am trying to understand how I can use Code Access Security or
Identity/Principal objects in order to authorize access to the public Classes
and methods of my privileged dll.
I cannot strong name the ASP assembly so I couldn't simply place Code Access
Security on the privileged assembly limiting it to the ASP assembly only.
And also, if I understand correctly, ASP Principal and Identity objects work
differently in ASP assemblies than in non-ASP assemblies. i.e. in non-ASP
assemblies the identity is tied to the thread where as in ASP the identity is
tied to
cookies or some other form of session state.
So how does a privileged dll that is to be called by an ASP web application
assembly restrict access to it's public classes and methods or implement any
sort of security policy at all?
Thanks in advance,
-------------
Bosco
-- ----------- Bosco
- Next message: [MSFT]: "RE: Web Service and SSL"
- Previous message: richlm: "Re: Hierarchy in user management"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
